From patchwork Tue Sep  1 15:09:54 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Greg KH <gregkh@linuxfoundation.org>
X-Patchwork-Id: 264762
Return-Path: <SRS0=oSvm=CK=vger.kernel.org=stable-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,
 MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS,
 URIBL_BLOCKED, 
 USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
 by smtp.lore.kernel.org (Postfix) with ESMTP id 9EDC7C433E7
 for <stable@archiver.kernel.org>;
 Tue,  1 Sep 2020 15:31:23 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by mail.kernel.org (Postfix) with ESMTP id 6780B214D8
 for <stable@archiver.kernel.org>;
 Tue,  1 Sep 2020 15:31:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=default; t=1598974283;
 bh=uIhW5tHOuw8G1JjTU52rcRogwkRDRzPM6/2NCn4Zdw8=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From;
 b=jv29kxVqCbvq4/kBWOyREU0sNebEJ1t1Hg9GdPXquSas8byDSKjrwnef0MMBWrylb
 9B1dcpywD/5LNYA9Bc/mxfhkjBrMsLqyKeVrSJuftB/za/xIwVuJ3Pnbr4gCXk1ClA
 1TRUcc1wIQW/gu7INYzFbXCe9uABn84QeuVQ5XII=
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1730697AbgIAPbW (ORCPT <rfc822;stable@archiver.kernel.org>);
 Tue, 1 Sep 2020 11:31:22 -0400
Received: from mail.kernel.org ([198.145.29.99]:34180 "EHLO mail.kernel.org"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1730694AbgIAPbT (ORCPT <rfc822;stable@vger.kernel.org>);
 Tue, 1 Sep 2020 11:31:19 -0400
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by mail.kernel.org (Postfix) with ESMTPSA id 3913621548;
 Tue,  1 Sep 2020 15:31:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=default; t=1598974278;
 bh=uIhW5tHOuw8G1JjTU52rcRogwkRDRzPM6/2NCn4Zdw8=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=mcZk0qTXsgh8sQ12ZgjUFOaqt5gCCoYLAZV1HXDbeHrlDfEaQmHBD/W+x+J5CjmLk
 WVf9+Vz15GedM4+uJAj+YsbuDkXnXWiu4VZAsvA4uzkEYPHTZZxZEwIAOGMi8pT6MD
 97XVVhWq38u4feP6Qv/0y7H+eoMVB5dJU9xMNvAA=
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 stable@vger.kernel.org, Lukas Czerner <lczerner@redhat.com>,
 Jan Kara <jack@suse.cz>, Theodore Tso <tytso@mit.edu>,
 Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 114/214] jbd2: make sure jh have b_transaction set in
 refile/unfile_buffer
Date: Tue,  1 Sep 2020 17:09:54 +0200
Message-Id: <20200901150958.445923171@linuxfoundation.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200901150952.963606936@linuxfoundation.org>
References: <20200901150952.963606936@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

From: Lukas Czerner <lczerner@redhat.com>

[ Upstream commit 24dc9864914eb5813173cfa53313fcd02e4aea7d ]

Callers of __jbd2_journal_unfile_buffer() and
__jbd2_journal_refile_buffer() assume that the b_transaction is set. In
fact if it's not, we can end up with journal_head refcounting errors
leading to crash much later that might be very hard to track down. Add
asserts to make sure that is the case.

We also make sure that b_next_transaction is NULL in
__jbd2_journal_unfile_buffer() since the callers expect that as well and
we should not get into that stage in this state anyway, leading to
problems later on if we do.

Tested with fstests.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20200617092549.6712-1-lczerner@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/jbd2/transaction.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index de992a70ddfef..0b663269771d4 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -1983,6 +1983,9 @@ static void __jbd2_journal_temp_unlink_buffer(struct journal_head *jh)
  */
 static void __jbd2_journal_unfile_buffer(struct journal_head *jh)
 {
+	J_ASSERT_JH(jh, jh->b_transaction != NULL);
+	J_ASSERT_JH(jh, jh->b_next_transaction == NULL);
+
 	__jbd2_journal_temp_unlink_buffer(jh);
 	jh->b_transaction = NULL;
 	jbd2_journal_put_journal_head(jh);
@@ -2530,6 +2533,13 @@ void __jbd2_journal_refile_buffer(struct journal_head *jh)
 
 	was_dirty = test_clear_buffer_jbddirty(bh);
 	__jbd2_journal_temp_unlink_buffer(jh);
+
+	/*
+	 * b_transaction must be set, otherwise the new b_transaction won't
+	 * be holding jh reference
+	 */
+	J_ASSERT_JH(jh, jh->b_transaction != NULL);
+
 	/*
 	 * We set b_transaction here because b_next_transaction will inherit
 	 * our jh reference and thus __jbd2_journal_file_buffer() must not